OpenE2K/qemu-e2k
13
4
Fork 0
Code Issues 4 Pull Requests Projects 2 Releases Activity

virtio-pci: don't crash on illegal length

Browse Source 
Some guests seem to access cfg with an illegal length value.
It's worth fixing them but debugging is easier if
qemu does not crash.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
This commit is contained in:
Michael S. Tsirkin 2015-07-13 10:32:50 +03:00
parent 8aedc369c6
commit 2a6391232f
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
hw/virtio/virtio-pci.c
View File

@ -546,7 +546,8 @@ static void virtio_write_config(PCIDevice *pci_dev, uint32_t address,
off = le32_to_cpu(cfg->cap.offset);
len = le32_to_cpu(cfg->cap.length);
if (len <= sizeof cfg->pci_cfg_data) {
if (len == 1 || len == 2 || len == 4) {
assert(len <= sizeof cfg->pci_cfg_data);
virtio_address_space_write(&proxy->modern_as, off,
cfg->pci_cfg_data, len);
}
@ -570,7 +571,8 @@ static uint32_t virtio_read_config(PCIDevice *pci_dev,
off = le32_to_cpu(cfg->cap.offset);
len = le32_to_cpu(cfg->cap.length);
if (len <= sizeof cfg->pci_cfg_data) {
if (len == 1 || len == 2 || len == 4) {
assert(len <= sizeof cfg->pci_cfg_data);
virtio_address_space_read(&proxy->modern_as, off,
cfg->pci_cfg_data, len);
}